Og Image Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a small user-run image generator that sends prompts and a user-provided API token to the documented external image service, with no hidden persistence or local data collection found.

Install only if you are comfortable sending image prompts, optional reference image UUIDs, and a Neta/TalesOfAI token to api.talesofai.com. Use a dedicated revocable token, avoid confidential prompts, and avoid putting real tokens directly in saved shell history or shared logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill advertises use of an external API token and a Node script that generates images via the Neta service, which implies outbound network access, but the manifest does not declare that capability. Undeclared network behavior reduces transparency and can bypass user expectations or policy review, especially in an agent ecosystem where permissions are meant to signal sensitive actions.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The skill metadata claims it uses the Neta AI API, but the implementation actually sends requests and the provided token to api.talesofai.com. This mismatch is security-relevant because users may disclose credentials and prompts under false assumptions about the receiving service, preventing informed consent and undermining supply-chain trust.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The README instructs users to pass the API token via a command-line flag, which commonly exposes secrets through shell history, process listings, CI logs, and terminal recordings. Because this is a usage pattern documented for end users, it increases the likelihood that credentials will be handled unsafely even if the underlying code is otherwise legitimate.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The documentation instructs users to pass the API token via a command-line flag, which can expose the secret through shell history, process listings, logs, and telemetry. Because this skill is specifically intended for use with a third-party network API, credential leakage could let others consume the account, access associated services, or impersonate the user against that provider.

External Transmission

Medium
Category
Data Exfiltration
Content
// --- Submit job ---
async function makeImage() {
  const res = await fetch("https://api.talesofai.com/v3/make_image", {
    method: "POST",
    headers: HEADERS,
    body: JSON.stringify(body),
Confidence
94% confidence
Finding
fetch("https://api.talesofai.com/v3/make_image", { method: "POST"

External Transmission

Medium
Category
Data Exfiltration
Content
// --- Submit job ---
async function makeImage() {
  const res = await fetch("https://api.talesofai.com/v3/make_image", {
    method: "POST",
    headers: HEADERS,
    body: JSON.stringify(body),
Confidence
94% confidence
Finding
https://api.talesofai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
for (let attempt = 0; attempt < maxAttempts; attempt++) {
    await new Promise((r) => setTimeout(r, 2000));

    const res = await fetch(`https://api.talesofai.com/v1/artifact/task/${taskUuid}`, {
      headers: HEADERS,
    });
Confidence
91% confidence
Finding
https://api.talesofai.com/

VirusTotal

VirusTotal findings are pending for this skill version.
